RoyNexus
RoyNexus3mo ago

What's the best practice to keep out normal API app key secret from users?

We have two issues: 1. How we make sure all project collaborators can still keep a local key without Unity breaking references to the NormcoreAppSettings file? (This file is not git tracked) 2. How do we deploy binaries to clients without sharing that secret key?
4 Replies
kapa.ai
kapa.ai3mo ago
Hi @RoyNexus. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- To keep your Normcore API app key secret from users, you can follow these steps: 1. For project collaborators, you can use a .gitignore file to exclude the NormcoreAppSettings file from your repository. This way, each collaborator can have their own local copy of the file with the key, and it won't be tracked or shared via Git. This should prevent Unity from breaking references to the NormcoreAppSettings file. 2. For deploying binaries to clients, you should ensure that the key is not embedded in the client-side code. Instead, you can use a server-side script to authenticate with Normcore servers. This script should be hosted on a secure server that you control, and it should communicate with the client-side code using secure methods. This way, the key is never exposed to the client. Please note that these are general best practices and may need to be adapted to your specific project and workflow. For more detailed guidance, you may want to consult the Normcore documentation (https://normcore.io/documentation) or contact NormalVR support. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
kapa.ai
kapa.ai3mo ago
<@362795742198235136> kapa.ai is still learning and improving, please let us know how it did by reacting below
maxweisel
maxweisel3mo ago
you can programmatically create NormcoreAppSettings objects whatever you’d use to obfuscate an API secret can be used with that method in two months or so we’re launching a new dashboard that will support a REST api for creating app keys. you can use that with your own server to only send app keys to clients that have verified their entitlement and aren’t patched too
RoyNexus
RoyNexus3mo ago
great, thanks for the reply. We'll do that for now then
More Posts
How are concurrent updates to a model property handled?If two clients update a model property at the exact same time (lets say an array of bool values encoRealtimeView get by object idIs there any way to get the same GameObject on 2 clients by an id?Room members are not syncingOn clicking on a common UI button player have to jump, it's working fine for host(player is jumping Receiving audio data on quest is different than receiving on PCTrying to listen to the Voice Data event on Realtime Avatar Voice. On PC the chucks come in sizes ofReconnect Audio after recording with the microphoneWe're making a multiplayer music making application. We're recording an audio clip with the MicrophoRealtimeView doesn't have a connected property?It appears RealtimeView doesnt' have a connected property, whats the best way to get connection statHow can I respawn avatar prefabHow can I respawn the VR Player prefabRequestOwnership not workingI'm having an issue with request ownership. I have a single RealtimeView and a single RealtimeModel is 2021 version is updated one? which is available on unity asset stoream wokring on a multiplayer project , i justr wanted to know if the plugin on unity store is updatedHandling Ownership Requests that are older than the newest requestsHello! In our multiplayer soccer game, we are facing an issue about ball ownership which causes the